From 93da43e3117f9d1431036a170e6e53e124938646 Mon Sep 17 00:00:00 2001 From: avesh agarwal Date: Thu, 8 Jul 2010 16:41:03 +0000 Subject: [PATCH] - Modified to initiate VPN connections with openswan whack interface - Fixed the issue of world readable conf and secret files - Cleaned conf and secret files after VPN connection is stopped - Fixed the issue of storing sensitive information like user password in a file (rhbz# 607352) - Changed PLUTO_SERVERBANNER to PLUTO_PEER_BANNER due to the same change in Openswan - Modifed GUI to remove unused configuration boxes --- NetworkManager-openswan.spec | 19 +- nm-secret-whack.patch | 408 +++++++++++++++++++++++++++++++++++ 2 files changed, 425 insertions(+), 2 deletions(-) create mode 100644 nm-secret-whack.patch diff --git a/NetworkManager-openswan.spec b/NetworkManager-openswan.spec index d19484c..c312e34 100644 --- a/NetworkManager-openswan.spec +++ b/NetworkManager-openswan.spec @@ -6,7 +6,7 @@ Summary: NetworkManager VPN plug-in for openswan Name: NetworkManager-openswan Version: 0.8.0 -Release: 1%{snapshot}%{?dist} +Release: 2%{snapshot}%{?dist} License: GPLv2+ Group: System Environment/Base URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ @@ -17,6 +17,9 @@ URL: http://people.redhat.com/avagarwa/files/NetworkManager-openswan/ Source0: http://people.redhat.com/avagarwa/files/%{name}/%{name}-%{realversion}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +Patch1: nm-secret-whack.patch + BuildRequires: gtk2-devel #BuildRequires: dbus-devel #BuildRequires: NetworkManager-devel @@ -38,6 +41,8 @@ with NetworkManager and the GNOME desktop %prep %setup -q -n NetworkManager-openswan-%{realversion} +%patch1 -p1 + %build %configure --disable-static --enable-more-warnings=yes make %{?_smp_mflags} 
@@ -71,5 +76,15 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/gnome-vpn-properties/openswan %changelog -* Tue Jun 15 2010 Avesh Agarwal - 0.8.0-1.20100411git +* Thu Jul 8 2010 Avesh Agarwal - 0.8.0-2.20100411git +- Modified to initiate VPN connections with openswan whack interface +- Fixed the issue of world readable conf and secret files +- Cleaned conf and secret files after VPN connection is stopped +- Fixed the issue of storing sensitive information like user + password in a file (rhbz# 607352) +- Changed PLUTO_SERVERBANNER to PLUTO_PEER_BANNER due + to the same change in Openswan +- Modifed GUI to remove unused configuration boxes + +* Tue Jun 15 2010 Avesh Agarwal - 0.8.0-1.20100411git - Initial build diff --git a/nm-secret-whack.patch b/nm-secret-whack.patch new file mode 100644 index 0000000..8bcea5e --- /dev/null +++ b/nm-secret-whack.patch 
@@ -0,0 +1,408 @@ +diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan.c NetworkManager-openswan-0.8/properties/nm-openswan.c +--- NetworkManager-openswan-0.8-orig/properties/nm-openswan.c 2010-06-04 17:50:13.000000000 -0400 ++++ NetworkManager-openswan-0.8/properties/nm-openswan.c 2010-07-08 12:15:43.376302841 -0400 +@@ -426,7 +426,7 @@ init_plugin_ui (OpenswanPluginUiWidget * + } + g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self); + +- widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); ++ /*widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); + g_return_val_if_fail (widget != NULL, FALSE); + if (s_vpn) { + value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT); +@@ -442,7 +442,7 @@ init_plugin_ui (OpenswanPluginUiWidget * + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (widget), TRUE); + } + } +- g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self); ++ g_signal_connect (G_OBJECT (widget), "toggled", G_CALLBACK (stuff_changed_cb), self);*/ + + widget = glade_xml_get_widget (priv->xml, "show_passwords_checkbutton"); + g_return_val_if_fail (widget != NULL, FALSE); +@@ -530,20 +530,20 @@ update_connection (NMVpnPluginUiWidgetIn + if (str && strlen (str)) + nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DOMAIN, str); + +- widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); +- if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { +- nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); +- } else { ++ //widget = glade_xml_get_widget (priv->xml, "disable_dpd_checkbutton"); ++ //if (gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (widget))) { ++ // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, "0"); ++ //} else { + /* If DPD was disabled and now the user wishes to enable it, just + * don't pass the DPD_IDLE_TIMEOUT option to openswan and thus use the + * default DPD idle time. 
Otherwise keep the original DPD idle timeout. + */ +- if (priv->orig_dpd_timeout >= 10) { +- char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); +- nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); +- g_free (tmp); +- } +- } ++ // if (priv->orig_dpd_timeout >= 10) { ++ // char *tmp = g_strdup_printf ("%d", priv->orig_dpd_timeout); ++ // nm_setting_vpn_add_data_item (s_vpn, NM_OPENSWAN_DPDTIMEOUT, tmp); ++ // g_free (tmp); ++ // } ++ //} + + upw_type = handle_one_pw_type (s_vpn, priv->xml, "user_pass_type_combo", NM_OPENSWAN_XAUTH_PASSWORD_INPUT_MODES); + gpw_type = handle_one_pw_type (s_vpn, priv->xml, "group_pass_type_combo", NM_OPENSWAN_PSK_INPUT_MODES); +diff -urNp NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade +--- NetworkManager-openswan-0.8-orig/properties/nm-openswan-dialog.glade 2010-06-04 17:50:13.000000000 -0400 ++++ NetworkManager-openswan-0.8/properties/nm-openswan-dialog.glade 2010-07-08 12:20:07.277052416 -0400 +@@ -1,7 +1,7 @@ +- +- +- ++ + ++ ++ + + window1 + +@@ -23,6 +23,7 @@ + + False + False ++ 0 + + + +@@ -37,18 +38,6 @@ + 6 + 6 + +- +- +- +- +- +- +- +- +- +- +- +- + + True + +@@ -74,10 +63,10 @@ + + + ++ Show passwords + True + True +- Show passwords +- 0 ++ False + True + + +@@ -197,6 +186,18 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +@@ -207,6 +208,7 @@ + + + False ++ 0 + + + +@@ -223,6 +225,7 @@ + + False + False ++ 0 + + + +@@ -237,47 +240,6 @@ + 6 + 6 + +- +- +- +- +- True +- True +- Disable Dead Peer Detection +- 0 +- True +- +- +- 1 +- 2 +- 4 +- 5 +- +- +- +- +- True +- +- +- +- 1 +- 2 +- 2 +- 3 +- +- +- +- +- True +- 0 +- Encryption method: +- +- +- 2 +- 3 +- +- +- + + True + 0 +@@ -326,27 +288,22 @@ + + + +- +- True +- 0 +- NAT traversal: +- +- +- 3 +- 4 +- ++ + + +- +- True +- +- +- +- 1 +- 2 +- 3 +- 4 +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff -urNp 
NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c NetworkManager-openswan-0.8/src/nm-openswan-service.c +--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service.c 2010-06-04 17:50:13.000000000 -0400 ++++ NetworkManager-openswan-0.8/src/nm-openswan-service.c 2010-07-08 11:39:24.904302790 -0400 +@@ -202,14 +202,14 @@ openswan_watch_cb_auto (GPid pid, gint s + if (WIFEXITED (status)) { + error = WEXITSTATUS (status); + if (error != 0) +- nm_warning ("openswan: ipsec auto exited with error code %d", error); ++ nm_warning ("openswan: ipsec whack exited with error code %d", error); + } + else if (WIFSTOPPED (status)) +- nm_warning ("openswan: ipsec auto stopped unexpectedly with signal %d", WSTOPSIG (status)); ++ nm_warning ("openswan: ipsec whack stopped unexpectedly with signal %d", WSTOPSIG (status)); + else if (WIFSIGNALED (status)) +- nm_warning ("openswan: ipsec auto died with signal %d", WTERMSIG (status)); ++ nm_warning ("openswan: ipsec whack died with signal %d", WTERMSIG (status)); + else +- nm_warning ("openswan: ipsec auto died from an unknown cause"); ++ nm_warning ("openswan: ipsec whack died from an unknown cause"); + + /* Reap child if needed. 
*/ + waitpid (priv->pid_auto, NULL, WNOHANG); +@@ -218,7 +218,7 @@ openswan_watch_cb_auto (GPid pid, gint s + + + static gint +-nm_openswan_start_openswan_binary (NMOPENSWANPlugin *plugin, GError **error) ++nm_openswan_start_openswan_binary (NMSettingVPN *s_vpn, NMOPENSWANPlugin *plugin, GError **error) + { + GPid pid, pid_auto; + const char **openswan_binary = NULL; +@@ -259,12 +259,14 @@ nm_openswan_start_openswan_binary (NMOPE + + sleep(2); + +- /*ipsec auto --up */ + openswan_argv = g_ptr_array_new (); + g_ptr_array_add (openswan_argv, (gpointer) (*openswan_binary)); +- g_ptr_array_add (openswan_argv, (gpointer) "auto"); +- g_ptr_array_add (openswan_argv, (gpointer) "--up"); ++ g_ptr_array_add (openswan_argv, (gpointer) "whack"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--initiate"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--name"); + g_ptr_array_add (openswan_argv, (gpointer) "nm-conn1"); ++ g_ptr_array_add (openswan_argv, (gpointer) "--xauthpass"); ++ g_ptr_array_add (openswan_argv, (gpointer) nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)); + g_ptr_array_add (openswan_argv, NULL); + + if (!g_spawn_async_with_pipes (NULL, (char **) openswan_argv->pdata, NULL, +@@ -272,18 +274,18 @@ nm_openswan_start_openswan_binary (NMOPE + NULL, NULL, error)) { + + g_ptr_array_free (openswan_argv, TRUE); +- nm_warning ("openswan: ipsec auto failed to start. error: '%s'", (*error)->message); ++ nm_warning ("openswan: ipsec whack failed to start. 
error: '%s'", (*error)->message); + return -1; + } + g_ptr_array_free (openswan_argv, TRUE); + +- nm_info ("openswan: ipsec auto started with pid %d", pid_auto); ++ nm_info ("openswan: ipsec whack started with pid %d", pid_auto); + +- NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; +- openswan_watch = g_child_watch_source_new (pid_auto); +- g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); +- g_source_attach (openswan_watch, NULL); +- g_source_unref (openswan_watch); ++ NM_OPENSWAN_PLUGIN_GET_PRIVATE (plugin)->pid_auto = pid_auto; ++ openswan_watch = g_child_watch_source_new (pid_auto); ++ g_source_set_callback (openswan_watch, (GSourceFunc) openswan_watch_cb_auto, plugin, NULL); ++ g_source_attach (openswan_watch, NULL); ++ g_source_unref (openswan_watch); + + return stdin_fd; + } +@@ -318,8 +320,8 @@ write_one_property (const char *key, con + WriteConfigInfo *info = (WriteConfigInfo *) user_data; + GType type = G_TYPE_INVALID; + int i; +- const char *default_username; +- const char *props_username; ++ //const char *default_username; ++ //const char *props_username; + const char *leftid; + + if (info->error) +@@ -365,19 +367,19 @@ write_one_property (const char *key, con + //write_config_option (info->fd, "%s %s\n", (char *) key, (char *) value); + + if (!strcmp (key, NM_OPENSWAN_PSK_VALUE)) { +- leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID); ++ leftid=nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTID); + write_config_option (info->secret_fd, "@%s: PSK \"%s\"\n", leftid, (char *) value); + } + + if (!strcmp (key, NM_OPENSWAN_XAUTH_PASSWORD)) { +- default_username = nm_setting_vpn_get_user_name (info->s_vpn); ++ /*default_username = nm_setting_vpn_get_user_name (info->s_vpn); + props_username = nm_setting_vpn_get_data_item (info->s_vpn, NM_OPENSWAN_LEFTXAUTHUSER); + if ( default_username && strlen (default_username) + && (!props_username || !strlen (props_username))) { + 
write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n",default_username, (char *) value); + } else { + write_config_option (info->secret_fd, "@%s : XAUTH \"%s\"\n", props_username, (char *) value); +- } ++ }*/ + } + + } else if (type == G_TYPE_BOOLEAN) { +@@ -426,8 +428,8 @@ nm_openswan_config_write (NMSettingVPN * + gint conf_fd=-1; + gint secret_fd=-1; + +- conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); +- secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); ++ conf_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.conf", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); ++ secret_fd = open ("/etc/ipsec.d/ipsec-nm-conn1.secrets", O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR); + + fdtmp1 = conf_fd; + if(fdtmp1 != -1) { +@@ -454,8 +456,10 @@ nm_openswan_config_write (NMSettingVPN * + write_config_option (fdtmp1, " ike=aes-sha1\n"); + write_config_option (fdtmp1, " esp=aes-sha1;modp1024\n"); + write_config_option (fdtmp1, " nm_configured=yes\n"); +- //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); ++ //write_config_option (fdtmp1, " leftupdown=%s\n", NM_OSW_UPDOWN_PATH); + write_config_option (fdtmp1, " auto=add\n"); ++ //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_VPN_SETTING_NAME)); ++ //write_config_option (fdtmp1, " #connectionname=%s\n", nm_setting_vpn_get_data_item (s_vpn, NM_SETTING_NAME)); + } + + //default_username = nm_setting_vpn_get_user_name (s_vpn); +@@ -514,10 +518,10 @@ real_connect (NMVPNPlugin *plugin, + if (!nm_openswan_secrets_validate (s_vpn, error)) + goto out; + +- if (!nm_openswan_config_write (s_vpn, error)) +- goto out; ++ if (!nm_openswan_config_write (s_vpn, error)) ++ goto out; + +- openswan_fd = nm_openswan_start_openswan_binary (NM_OPENSWAN_PLUGIN (plugin), error); ++ openswan_fd = nm_openswan_start_openswan_binary (s_vpn, NM_OPENSWAN_PLUGIN 
(plugin), error); + if (openswan_fd < 0) + goto out; + +@@ -622,6 +626,9 @@ real_disconnect (NMVPNPlugin *plugin, + } + g_ptr_array_free (openswan_argv, TRUE); + ++ unlink("/etc/ipsec.d/ipsec-nm-conn1.conf"); ++ unlink("/etc/ipsec.d/ipsec-nm-conn1.secrets"); ++ + return TRUE; + } + +diff -urNp NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c +--- NetworkManager-openswan-0.8-orig/src/nm-openswan-service-helper.c 2010-06-04 17:50:13.000000000 -0400 ++++ NetworkManager-openswan-0.8/src/nm-openswan-service-helper.c 2010-07-06 15:10:51.737035482 -0400 +@@ -195,7 +195,7 @@ addr_list_to_gvalue (const char *str) + * PLUTO_MY_SOURCEIP -- address + * PLUTO_CISCO_DNS_INFO -- list of dns serverss + * PLUTO_CISCO_DOMAIN_INFO -- default domain name +- * PLUTO_SERVERBANNER -- banner from server ++ * PLUTO_PEER_BANNER -- banner from server + * + */ + int +@@ -288,7 +288,7 @@ main (int argc, char *argv[]) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val); + + /* Banner */ +- val = str_to_gvalue (getenv ("PLUTO_SERVERBANNER"), TRUE); ++ val = str_to_gvalue (getenv ("PLUTO_PEER_BANNER"), TRUE); + if (val) + g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val); +
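Review bot: In nm_openswan_start_openswan_binary (the `@@ -259,12 +259,14 @@` hunk of src/nm-openswan-service.c inside the new nm-secret-whack.patch), the XAUTH password is now handed to `ipsec whack` as the value of `--xauthpass` on the command line, so for the lifetime of that child it is readable by every local user via the process argument list (`ps`, `/proc/<pid>/cmdline`); this trades the world-readable-file exposure the commit fixes (rhbz# 607352) for a different local disclosure, and the secret should instead go through a non-argv channel such as the pipe this function already sets up with g_spawn_async_with_pipes or the mode-0600 secrets file. The same call site never checks the return of `nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD)`; a missing secret would NULL-terminate the argv right after `--xauthpass`, so fetch it first and guard it, e.g. `const char *xauth_pass = nm_setting_vpn_get_secret (s_vpn, NM_OPENSWAN_XAUTH_PASSWORD);` followed by `g_return_val_if_fail (xauth_pass != NULL, -1);`, before building the array. Separately, the two `unlink` calls added in real_disconnect are the only place ipsec-nm-conn1.secrets is removed, so when real_connect takes a `goto out` after nm_openswan_config_write succeeded (the visible one is a failed nm_openswan_start_openswan_binary), the PSK stays on disk; presumably the `out` label is outside the hunk, and unlinking both files there is worth confirming. All three enclosing functions start and end outside the visible hunk lines.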